Meta Blocks NSO Group's New WhatsApp Phishing Attack, Files Contempt Order

Meta detected and blocked spear-phishing attacks connected to NSO Group, the Israeli surveillance company. The attacks targeted WhatsApp users through malicious links designed to redirect victims to external websites controlled by NSO.

Meta filed a federal court contempt order against NSO Group for violating a permanent injunction issued in 2021. That injunction explicitly prohibited NSO from targeting WhatsApp and its users after the company's Pegasus spyware exploited a zero-day vulnerability in WhatsApp's calling feature, affecting approximately 1,400 users globally.

The phishing campaign represents NSO's continued efforts to circumvent court restrictions. Rather than deploying technical exploits, the group shifted tactics to social engineering. Attackers crafted messages designed to appear legitimate, then used shortened URLs and redirects to obscure the destination and evade detection.

NSO has faced mounting international pressure and legal action. Multiple governments restricted the company's operations following revelations about Pegasus abuse targeting journalists, human rights activists, and political opponents. The U.S. Commerce Department blacklisted NSO in 2021, effectively blocking its access to American technology.

The contempt filing reflects Meta's aggressive posture against NSO since the 2021 lawsuit. Meta previously disclosed that NSO operatives attempted multiple times to exploit WhatsApp vulnerabilities after the injunction took effect. Each incident strengthened Meta's legal position and demonstrated NSO's flagrant disregard for court orders.

For organizations and users, this attack underscores the persistent threat from nation-state-linked spyware vendors. NSO continues adapting its methods despite legal restrictions. The phishing approach requires less technical sophistication than zero-day exploitation but remains effective against users unfamiliar with social engineering tactics. WhatsApp users should remain vigilant about clicking links from unknown sources, even if messages appear to come from trusted contacts